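<?php
	include("HTML_top.php");
	include("header.php");
?>

<?php

	// corkboard.php -- renders one CorkBoard (identified by owner email + title)
	// and handles the actions that this page's own links and forms submit back
	// to it: watch/unwatch, PushPin creation (createPP_* form) and PushPin
	// deletion (delurl).
	//
	// Every request/session value that reaches SQL goes through $sql() and
	// every database value that reaches the HTML goes through $h(); the
	// previous version concatenated raw $_GET/$_SESSION values into queries
	// (addslashes on some, nothing on the owner email) and echoed row data
	// unescaped.

	if (isset($_GET['email']) && isset($_GET['title']))
	{
		include("conn.php");
		connectToDB();

		// Escapers. Closures rather than named functions so that including this
		// page twice cannot raise a "cannot redeclare" fatal.
		// $sql needs the connection connectToDB() opened (mysql_real_escape_string).
		$sql = function ($v) { return mysql_real_escape_string((string) $v); };
		$h   = function ($v) { return htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'); };

		$ownerEmail = (string) $_GET['email'];
		$title      = (string) $_GET['title'];
		// The logged-in user, or null. header.php is assumed to have started the
		// session and filled $_SESSION['user'] -- TODO confirm.
		$viewerEmail = isset($_SESSION['user']['email']) ? (string) $_SESSION['user']['email'] : null;
		// Only the owner may add PushPins (the "Create new PushPin" link below is
		// shown to the owner only); the old handler accepted any $_GET['email'].
		$isOwner = ($viewerEmail !== null && $viewerEmail === $ownerEmail);

		// NOTE(review): watch/unwatch/delurl change state on a plain GET and the
		// createPP form carries no anti-CSRF token; a per-session token checked
		// before each action below would close that off.

		if (isset($_GET['watch']) && $viewerEmail !== null)
		{
			mysql_query("INSERT INTO user_watches VALUES ('" . $sql($viewerEmail) . "', '" . $sql($ownerEmail) . "', '" . $sql($title) . "')");
		}

		if (isset($_GET['unwatch']) && $viewerEmail !== null)
		{
			mysql_query("DELETE FROM user_watches WHERE watcher='" . $sql($viewerEmail) . "' AND email='" . $sql($ownerEmail) . "' AND title='" . $sql($title) . "'");
		}

		if (isset($_POST['createPP_url']) && $isOwner)
		{
			$url         = (string) $_POST['createPP_url'];
			$description = isset($_POST['createPP_description']) ? (string) $_POST['createPP_description'] : '';

			$q = "INSERT INTO pushpin VALUES ("
				. "'" . $sql($ownerEmail) . "', "
				. "'" . $sql($title) . "', "
				. "'" . $sql($url) . "', "
				. "'" . $sql($description) . "', "
				. "CURRENT_TIMESTAMP)";

			if (!mysql_query($q))
				echo '<font style="color:red">Could not create PushPin -- duplicate exists!</font><br/><br/>';
			else if (isset($_POST['createPP_tags'])) // success
			{
				// Comma-separated tag list; an empty first entry means "no tags".
				$tags = explode(',', (string) $_POST['createPP_tags']);
				if ($tags[0] !== '')
				{
					foreach ($tags as $tag)
						mysql_query("INSERT INTO pushpin_tags VALUES ('" . $sql($ownerEmail) . "', '" . $sql($title) . "', '" . $sql($url) . "', '" . $sql($tag) . "')");
				}
			}
		}

		// Deletion is scoped to the viewer's own board via email=viewer.
		if (isset($_GET['delurl']) && $viewerEmail !== null)
		{
			mysql_query("DELETE FROM pushpin WHERE email='" . $sql($viewerEmail) . "' AND title='" . $sql($title) . "' AND url='" . $sql((string) $_GET['delurl']) . "'");
		}

		// Single-row summary of the board: aggregates without GROUP BY always
		// yield one row, so a missing board shows up as name IS NULL.
		$q = mysql_query("
		SELECT u.name, c.title, c.category, c.private,
		       MAX(p.modified) AS last_modified,
		       COUNT(DISTINCT w.watcher) AS watcher_count
		FROM user AS u
		INNER JOIN corkboard AS c ON c.email=u.email
		LEFT OUTER JOIN pushpin AS p ON c.email=p.email AND c.title=p.title
		LEFT OUTER JOIN user_watches AS w ON c.email=w.email AND c.title=w.title
		WHERE c.email='" . $sql($ownerEmail) . "' AND c.title='" . $sql($title) . "'
		");

		$r = $q ? mysql_fetch_array($q) : false;
		if ($r !== false && !is_null($r['name'])) // CB exists
		{
			$auth = true;
			if ($r['private'] == '1')
			{
				$auth = false;
				if (isset($_POST['pass']))
				{
					$passQuery = mysql_query("SELECT `password` FROM `corkboard` WHERE `email`='" . $sql($ownerEmail) . "' AND `title`='" . $sql($title) . "'");
					$pass = $passQuery ? mysql_fetch_array($passQuery) : false;

					// Strict, constant-time comparison. The old `==` was subject to
					// PHP's numeric-string juggling (e.g. '0e1' == '0e2' is true).
					// NOTE(review): the stored value is compared as-is, so it is
					// presumably plaintext; moving to password_hash()/password_verify()
					// is a schema change that lives outside this page.
					if ($pass !== false && hash_equals((string) $pass['password'], (string) $_POST['pass']))
						$auth = true;
				}

				if (!$auth)
				{
					echo 'This CorkBoard is private.<br/><br/>Please enter the CorkBoard\'s password to continue:<br/>';

					echo '<form action="corkboard.php?email=' . urlencode($ownerEmail) . '&title=' . urlencode($title) . '" method="post">';

					echo '<input type="password" name="pass" size="25" /><br/>';

					if (isset($_POST['pass']))
						echo '<font style="color:red">Incorrect password.</font>';

					echo '<br/><input type="submit" value="Submit" />';

					echo '</form>';
				}
			}

			if ($auth)
			{
				echo $h($r['name']);

				if ($isOwner)
					echo ' (you)';
				else if ($viewerEmail !== null)
				{
					$f = mysql_query("SELECT * FROM user_follows WHERE follower='" . $sql($viewerEmail) . "' AND followed='" . $sql($ownerEmail) . "'");
					if ($f && mysql_num_rows($f) == 0)
						echo ' <a href="index.php?follow=' . urlencode($ownerEmail) . '&name=' . urlencode($r['name']) . '">(follow)</a>';
					else
						echo ' <a href="index.php?unfollow=' . urlencode($ownerEmail) . '&name=' . urlencode($r['name']) . '">(unfollow)</a>';
				}

				echo '<h2 style="margin-bottom:0">' . $h($r['title']);

				if ($isOwner)
					echo ' <a href="index.php?del=' . urlencode($title) . '">(delete)</a>';

				echo '</h2>';

				echo 'in ' . $h($r['category']) . '<br/>';

				if (!is_null($r['last_modified']))
				{
					echo '<i>Last updated ' . date('g:i A F j, Y', strtotime($r['last_modified'])) . '</i>';

					echo '<hr/>';

					$pq = mysql_query("
					SELECT url, description
					FROM
					(
					user AS u LEFT JOIN corkboard AS c ON u.email=c.email
					LEFT JOIN pushpin AS p ON c.title=p.title AND p.email=c.email
					)
					WHERE p.email='" . $sql($ownerEmail) . "' AND p.title='" . $sql($title) . "'
					");

					// url/description are stored user input: attribute-escaped on output.
					while ($pq && ($pr = mysql_fetch_array($pq)))
					{
						echo '<a href="pushpin.php?email=' . urlencode($ownerEmail) . '&title=' . urlencode($title) . '&url=' . urlencode($pr['url']) . '">'
							. '<img src="' . $h($pr['url']) . '" alt="' . $h($pr['description']) . '" title="' . $h($pr['description']) . '" style="border:0;margin:15px;" width="350" /></a>';
					}
				}
				else
					echo '<p>This CorkBoard has no PushPins!</p>';

				if ($isOwner)
					echo '<br/><a href="create_pushpin.php?email=' . urlencode($ownerEmail) . '&title=' . urlencode($title) . '">Create new PushPin</a>';
				echo '<hr/>';
				echo 'This CorkBoard has ' . $h($r['watcher_count']) . ' watcher(s)';

				if ($r['private'] == '0' && !$isOwner && $viewerEmail !== null)
				{
					$w = mysql_query("SELECT * FROM user_watches WHERE watcher='" . $sql($viewerEmail) . "' AND email='" . $sql($ownerEmail) . "' AND title='" . $sql($title) . "'");
					if ($w && mysql_num_rows($w) == 0)
						echo ' <a href="corkboard.php?email=' . urlencode($ownerEmail) . '&title=' . urlencode($title) . '&watch">(watch)</a>';
					else
						echo ' <a href="corkboard.php?email=' . urlencode($ownerEmail) . '&title=' . urlencode($title) . '&unwatch">(unwatch)</a>';
				}
			}
		}
		else
			echo 'No such CorkBoard exists! Maybe it got deleted?';
	}
	else
	{
		echo 'Unspecified CorkBoard &mdash; you shouldn\'t be here!';
	}

?>

<?php
	include("footer.php");
	include("HTML_bottom.php");
?>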
